Overview
This article explains why a user is able to log in when their account is in the Blocked(Bruteforce) state.
The following settings are enabled:
- Brute-force Protection
- Block Brute-force Logins
Applies To
- Brute-force Protection
- Blocked(Bruteforce)
Cause
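Brute-force protection safeguards against a single IP address attacking a single user account. The block is therefore tied to the IP address the attempts came from, and logins to the same account from a different IP address are not blocked.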
Solution
Review the backend logs and check which IP address the user is blocked for under User Management > Users > Search the user > Raw JSON.
"blocked_for": [
  {
    "identifier": "abc@example.com",
    "connection": "Username-Password-Authentication",
    "ip": "11.22.33.44"
  }
]
The recent login is from a different IP address (12.23.237.116), which is why they are able to log in.
You can check the logs corresponding to the user under Dashboard > Monitoring > Logs:
user_id:"auth0|123456"
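The comparison described above can be scripted when there are many log entries to review. The following is an added example, not code from the original article or from the product: it checks each login event against the `blocked_for` entries from the user's Raw JSON. The sample events are constructed, and their shape (`ip`, `connection`, `success`) is an assumption for this sketch rather than the tenant log schema.

```python
import ipaddress
import json

# Constructed sample: the user's Raw JSON, trimmed to the fields shown on this page.
USER_JSON = """{
  "user_id": "auth0|123456",
  "blocked_for": [
    {"identifier": "abc@example.com",
     "connection": "Username-Password-Authentication",
     "ip": "11.22.33.44"}
  ]
}"""

# Constructed log events. The event shape (ip, connection, success) is an
# assumption for this sketch, not the tenant log schema.
CONN = "Username-Password-Authentication"
EVENTS = [
    {"user_id": "auth0|123456", "connection": CONN, "ip": "11.22.33.44", "success": False},
    {"user_id": "auth0|123456", "connection": CONN, "ip": "12.23.237.116", "success": True},
    {"user_id": "auth0|999999", "connection": CONN, "ip": "11.22.33.44", "success": True},
]

def blocked_pairs(user):
    """Return the (connection, ip) pairs listed in the user's blocked_for array."""
    return {(b["connection"], ipaddress.ip_address(b["ip"]))
            for b in user.get("blocked_for", [])}

def explain_logins(user, events):
    """Label each of this user's login events against the per-IP block list."""
    pairs = blocked_pairs(user)
    out = []
    for ev in events:
        if ev["user_id"] != user["user_id"]:
            continue  # other users' events are not governed by this block
        covered = (ev["connection"], ipaddress.ip_address(ev["ip"])) in pairs
        if ev["success"] and covered:
            verdict = "investigate: success from a blocked IP"
        elif ev["success"]:
            verdict = "expected: IP not in blocked_for"
        elif covered:
            verdict = "expected: blocked IP"
        else:
            verdict = "failed for another reason"
        out.append((ev["ip"], verdict))
    return out

if __name__ == "__main__":
    for ip, verdict in explain_logins(json.loads(USER_JSON), EVENTS):
        print(ip, "->", verdict)
```

A successful login from an IP address that does appear in `blocked_for` is the only case that contradicts the behaviour this article describes and warrants a closer look.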